Sunday, January 14, 2024

LinkedIn "top computer networking voice" badge

This week, I saw that I got the "top computer networking voice" badge on my LinkedIn profile.



Is it an achievement?
Actually, not really. To get the badge, you simply need to answer or comment on the automatically generated answers to a question (which is also probably automatically generated).
Of course, you need to give relevant answers (to get the comment "liked"), but it is not really rocket science.

Now, about this new badge stuff, I was wondering whether it was part of the ongoing AI trend: LinkedIn is part of Microsoft, Microsoft has a partnership with OpenAI (developing ChatGPT) ... and there was this video.


At 0:58, the slide shows the "training pipeline" to get an AI assistant.

So, like I wrote earlier, you have automatically generated answers from AI, and you get some human answers, use how relevant the answers are (based on the number of likes), and use the best answers to improve the training of the AI (ChatGPT).

So the badge is more a token for participating in helping the AI provide better answers than an actual proof of "expertise", as anyone with a LinkedIn account could answer.

Anyway, that's always good for my ego.

Sunday, December 31, 2023

Use Hostname to deduce running services

Disclaimer: the information in this article was disclosed to my current company's Patent Committee in December 2023, but they decided not to pursue it further, nor to keep it as a Trade Secret, so this idea remains a simple idea.
Therefore, I will simply disclose it here. I thought it was a good idea, and maybe some people can see some interesting use cases for it.
Also, as of today, I am not aware of any product or product feature that uses the idea.

So to understand the idea, let's start with some basics.

We talk about 'semantic' when we are talking about the meaning of a word.

In Computing and more specifically in Networking, this goes all the way to the bit level: 0 / 1 are distinct values, and they have a meaning (is / is not; true / false). So a bit alone may have a meaning, as may a set of bits together.

For instance, the flags in the TCP header.

  TCP Header Format

                                    
    0                   1                   2                   3   
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                            TCP Header Format

          Note that one tick mark represents one bit position.

                               Figure 3. (from RFC 793)

For instance, the SYN flag, when set to 1, means the segment is the first segment sent by the host and, more importantly, that the sequence number in the header is the starting sequence number.

Another illustration of this semantic: the MAC address, and more specifically the first half of it. Those 3 bytes identify a specific vendor.

The last example I want to discuss in this post is the IP address. You may have heard of IP addressing, and with it you may have some rules: for instance, in a network range, the first available address will be the gateway IP address, the 2nd one is for the active gateway (as a device), and the 3rd one is for the passive gateway (again as a device).

Basically:
x.x.x.1 for the default gateway
x.x.x.2 for the active node
x.x.x.3 for the passive node

All 3 points are examples of semantics in Networking.

Now, there is a feature in PAN-OS which allows users to have policies based on the IP semantic: IP Wildcard Objects.
A wildcard object will match the IPs meeting the wildcard object condition.

The idea I propose is about the hostname. All objects are defined with a hostname (simpler than remembering the IP address of every machine running on the network). Most of the time, the hostname is defined following a naming convention, so if you can determine the naming convention, or at least identify some key portion of the hostname that links to a running service, that can be saved for other purposes.

So by analysing a firewall configuration:
- we can get a mapping of hostname <-> security rules; for instance, you have a security rule to allow DNS requests to the object "fr-dns-1".
- and by doing this for a lot of configuration files, you can then get some trends on hostname portion <-> applications. For instance, when you collect 1000 security rules for DNS traffic to different hostnames, it will appear that some characters are common to most of the hostnames (for instance, "dns" in a hostname may indicate the server runs a DNS server).

So once some trends (hostname parts which are common to most of the security rules for the same application) are identified for every application, it is then possible to have consumer services which could benefit from them:
- An AI-Copilot for configuration assistance ("Make a security rule to strictly allow only DNS application to the DNS servers")
- configuration audit, making sure that for all the hostnames found in a configuration, only the required applications are allowed.
- intelligence capabilities, if you collect all the A records, the applications running for all records can be returned. 
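
A minimal sketch of the trend extraction and of the configuration audit use case, added here as an illustration and not taken from any product. The rule data, the application names, the thresholds and the function names are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: (destination hostname, allowed application) pairs, as they
# could be extracted from the security rules of many firewall configurations.
TRAINING_RULES = [
    ("fr-dns-1", "dns"), ("us-dns-02", "dns"), ("de-dns-1", "dns"),
    ("sg-ns-1", "dns"),
    ("fr-web-1", "web-browsing"), ("us-web-03", "web-browsing"),
    ("de-www-1", "web-browsing"),
    ("fr-mail-1", "smtp"), ("us-mail-2", "smtp"), ("jp-smtp-1", "smtp"),
]
# Constructed configuration to audit with the learned trends.
AUDITED_RULES = [("uk-dns-4", "dns"), ("uk-dns-5", "ssh"), ("uk-app-1", "ssh")]

def tokens(hostname):
    """Split a hostname on digits and separators; keep the alphabetic parts."""
    return {t for t in re.split(r"[^a-z]+", hostname.lower()) if t}

def learn(rules, min_support=2, min_confidence=0.8):
    """Return {hostname part: application} for parts that predict one application."""
    seen = defaultdict(Counter)
    for host, app in rules:
        for tok in tokens(host):
            seen[tok][app] += 1
    model = {}
    for tok, apps in seen.items():
        app, hits = apps.most_common(1)[0]
        # Site prefixes such as "fr" appear with every application, so their
        # confidence stays low and they are dropped; rare parts lack support.
        if hits >= min_support and hits / sum(apps.values()) >= min_confidence:
            model[tok] = app
    return model

def audit(rules, model):
    """Flag rules allowing an application the hostname does not suggest."""
    findings = []
    for host, app in rules:
        expected = sorted({model[t] for t in tokens(host) if t in model})
        if expected and app not in expected:
            findings.append((host, app, expected))
    return findings

if __name__ == "__main__":
    model = learn(TRAINING_RULES)
    print(model)
    print(audit(AUDITED_RULES, model))
```

Hostnames with no learned part (here "uk-app-1") produce no finding, so the audit only speaks where a trend exists.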

Monday, December 25, 2023

Lessons learnt from COVID-19

I think this will be one of the major health disasters of the 21st century. It has shown that in our hyperconnected world, it would not be difficult to spread a virus.

No need for some people (activists or terrorists) to spread it, as shown in the movie "12 Monkeys".

We just need a virus with a long incubation time to allow people with no symptoms to travel before being sick...

Anyway, let's get back to the topic of this post, the lessons learnt from this period.

1 - Appreciate simple things
Being confined at home gives you time to appreciate things you would not have noticed in the "pre-COVID" lifestyle.

2 - Keep in contact with relatives, friends, colleagues.
Although it was not possible to physically meet, you can message/call or do a video call to discuss. It is different, but it is better than being totally in lockdown.

3 - Do not keep positive cases and negative cases in the same location
Unless you want the positive cases to contaminate the negative ones. It is like having zombies in a building with non-contaminated people ... if you watched World War Z, you have this situation a lot of times, like that one
Or, for IT people, it is like leaving a machine compromised by a worm in the production network, waiting until all the machines get infected.

4 - Believe in a cure.
Eventually, scientists will find a cure.
Multiple vaccines are going to be released.

Sunday, August 13, 2023

More than a contributor on PANCast

Have you heard of Palo Alto Networks' PANCast?

It is a podcast made by TAC engineers (me included) for users of Palo Alto Networks products.
It is not sales-oriented stuff; it is really focused on the technology, and how to use 110% of the capabilities of the products.

The podcast covers all possible topics: from basic troubleshooting tools by TAC, to protecting your containers with Azure Container Registry (Prisma Cloud), to discussing the information you can find in your Cortex XDR logs.

So far, I did an episode on Panorama and its capabilities as a logging solution. And we have some episodes pending to be published. I know that because I am scheduling the releases of the episodes :p

So stay tuned.

Patent granted

In case you are not following me on LinkedIn, I guess you are not aware that the patent application made in March 2021 has ended, and the patent was officially granted on 31 January 2023.

The patent details can be found here.

As you will see, the patent owner is Palo Alto Networks, as I disclosed my invention to my employer through their patent program.
The invention is directly something PAN-OS can benefit from in order to secure communications, and the technical issue addressed by the invention is addressed in the PAN-OS feature App-ID Cloud Engine.
(Disclaimer: I am not aware whether Palo Alto Networks has or has not used the invention)

So how big an achievement is it?
1- Before Palo Alto Networks decides whether or not to apply for a patent, you need to convince a Patent Committee of your invention and of the challenge addressed by the invention.
I submitted a few other ideas and they were rejected.

2- I am the first inventor (through the Patent Program of the company) in the APAC region.

3- I am also the first one working in Palo Alto Networks TAC.